2 min read
The eIDAS Agenda: Innovation, Interoperability and transparency
Ashiq JA (guest) : 25. February 2018
Digital signatures (and the accompanying concepts of encryption and authentication) have been a critical aspect of electronic communications for several years now, and both regulatory bodies and businesses continue to demonstrate a vested interest in the continued growth and advancement of this field.
A popular point of discussion and research among businesses in the EU is eIDAS, the EU regulation on the use of identification and trust services for electronic transactions in the internal market. eIDAS is not only essential for legally compliant digital signatures, but it is also an integral aspect of the EU's technical innovation and progress.
While eIDAS was formally adopted in July 2014, there is still a great deal of innovation and discussion occurring regarding best practices for implementing compliant tools and processes. Therefore, it is critical that executives and security stakeholders understand eIDAS and the implications of this regulation for the future of their business, both in terms of technological investments and for the sake of the growth and security of the business.
Where did eIDAS originate?
It's important to consider the source of the eIDAS regulation as a means of comprehending the purpose of the framework and gaining a glimpse of its future direction. eIDAS originated from the European Commission focused on the "Digital Agenda" for Europe. This group ensures that policy and strategy recommendations align with the digital growth that the EU needs to continue to prosper over the next few years.
- This is the first key point about eIDAS: eIDAS is about innovation.
- Neither older, less secure technologies nor newer ones that are not sufficiently tested will suffice; eIDAS is meant to push organizations toward the highest levels of innovation and security that exist.
- Neither older, less secure technologies nor newer ones that are not sufficiently tested will suffice; eIDAS is meant to push organizations toward the highest levels of innovation and security that exist.
Key Aspects of eIDAS
There are two key ideas around which eIDAS is focused: interoperability and transparency.
- Interoperability - eIDAS is intended to ensure that (trusted) electronic IDs and signatures used by one country are recognized and easily usable within the electronic environment of another country.
- As part of eIDAS, member nations are required to develop a common framework upon which member states can recognize the eID of another member state, and ensure its security and authenticity.
- By establishing a centralized means to recognize digital IDs, it is easier to facilitate cross-border digital signatures and carry out international business needs.
- Transparency - eIDAS also involves clearly identifying a widely-available list of trusted services that can be used in the context of a centralized signing framework.
- Transparency allows all EU security stakeholders to engage in dialogue regarding the most secure and widely accepted tools and technologies for digital signatures.
- As part of the directives on transparency, the specific formats that are recognized by the public sectors within member states are also specified.
What's Next?
There are several ways that decision-makers and stakeholders can help the eIDAS initiative (and their organization) move forward:
- Understand the regulations and guidelines that comprise eIDAS.
- Adopt, use and encourage technologies that facilitate a centralized digital signature infrastructure.
- Partner with solution vendors that are truly providing next-generation digital signature technologies.
eIDAS is just one element of the exciting technological innovations that are to come for the EU and its businesses through future similar dialogues and frameworks. Organizations must understand eIDAS and its intentions and key goals in order to be part of the next-generation technology era in the EU.
There are numerous resources available for those who wish to further research the technical details of eIDAS. It is certainly not wasted time to further explore this revolutionary framework.
References and Further Reading
- Selected articles on Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Peter Landrock, Torben Pedersen and Dawn M. Turner
- Trust Services and eID (retrieved 11.01.2016) by the European Commission
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
Cover image: courtesy of Plantronics Germany, Flickr